about Fortiweb SNAT - X-Forward

Forum|Forum|5 years ago
May 12, 2021
1 reply
3515 views

FortiADC is applying SNAT to all inbound traffic going to the servers. When an attack accurs, Fortiweb block traffic based on the 192.0.2.1 source ip adderss, which belongs to FortiADC. The setup is breaking all connectivity and genuine clients are not able to Access the servers. What must the administrator do to avoid this problem? (Choose two)

A. No special configuration is required connectivity will be re-established after the set timeout B. Enable the Add X-Forwarded-for setting on Fortiweb C. Place FortiWeb in front of FortiAdc D. Enable the use X-Forwarded-For setting on fortiweb

SJFriedl

New Member

[strike]I'm not familiar with the ADC, but using both a Virtual IP (which does NAT) *and* an IPv4 policy that enables NAT, would do something like that. Inbound policies should almost never use NAT when they're hitting a Virtual IP.[/strike]

Oh, this was exam prep - sorry.

Yurisk

SuperUser

The correct answer should be "Enable the Add X-Forwarded-for setting on ADC", which is your exam dump does not event include, you've got fake dump of a dump, ask for refund :)

If you have no idea about ADC/Fortiweb whatsoever - chances of passing the exam on dumps only is very low, be aware. At least study throughly NSE 6 (free) courses for ADC.

https://docs.fortinet.com/document/fortiadc/5.3.0/cli-reference/342760/config-load-balance-profile

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded